205007 – security/openssl: Multiple Security Vulnerabilities (Update to 1.0.2e)

Bug 205007 - security/openssl: Multiple Security Vulnerabilities (Update to 1.0.2e)

Summary: security/openssl: Multiple Security Vulnerabilities (Update to 1.0.2e)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Dirk Meyer

URL:	https://www.openssl.org/news/secadv/2...
Keywords:	needs-qa, patch, security

Depends on:
Blocks:	205009
	Show dependency tree / graph

Reported:	2015-12-04 06:53 UTC by Kubilay Kocak
Modified:	2015-12-05 09:43 UTC (History)
CC List:	3 users (show)

See Also:

Flags:	delphij: maintainer-feedback+ delphij: merge-quarterly+

Attachments
Proposed patch (4.26 KB, patch) 2015-12-04 10:27 UTC, Xin LI	delphij: maintainer-approval?	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kubilay Kocak freebsd_committer

2015-12-04 06:53:32 UTC

OpenSSL Security Advisory [3 Dec 2015]

 * BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
 * Certificate verify crash with missing PSS parameter (CVE-2015-3194)
 * X509_ATTRIBUTE memory leak (CVE-2015-3195)
 * Race condition handling PSK identify hint (CVE-2015-3196)

Comment 1 Xin LI freebsd_committer

2015-12-04 10:27:26 UTC

Created attachment 163838 [details]
Proposed patch

Comment 2 Xin LI freebsd_committer

2015-12-05 09:43:48 UTC

Fix committed after poudriere and make test.